Puppy runs as root by default this could leave you vulnerable to being hacked or getting viruses, so does pose some risks.

some users setup there puppy os with all settings and accounts setup. then they remaster(make an iso) of this and burn it on cd. they run from cd in ram and don't use a save file or they use a re-writable (rw) cd and have a small save file on the cd/dvd. this is pretty secure. viruses that are designed to run on a hdd cant as there is none.

if you run your puppy os on a hdd or flashdrive full or frugalett the hdd or save file has a risk of getting a virrus. (even though linux generally is safe from viruses and hacking both still can happen.

run as spot user (runs apps without being root) or fido (fido is user account setup like any normal operating system). both run as a non root. also you can just run the apps that access the internet in spot

puppy also has a great firewall and there was also a system wide adblocker app made

what are your thoughts, experiences, ideas about security in puppy. feel free to share them

I have written this post quickly to get the ball rolling and will add relevant links when i have time or if anyone provides them below.

Your router probably has a firewall
You don't need GROWL security, I wrote the program but never bother with it. I may eventually port it to Puppi on the Raspberry Pi
GROWL is somewhere here and built into Puppy Slacko 5.3.3
http://puppylinux.org/wikka/security

"run as spot user (runs apps without being root)
or as fido (fido is user account setup like any normal operating system).

both run as a non root. also you can just run the apps
that access the internet in spot"

Thanks for taking up this subject. Are you good at using spot and fido?
I fail to get how it works. Okay no surprise because I am a confused user.

1.) Can you describe how you do it? Fido or Spot which is best? Pro et Cons for them?

2.) Suppose you have activated Fido at shutdown? Are you on Lupu
Slacko or Wary or what? So you are using Firefox and posting here in forum.

And there is a .sfs file you want to save from the forum.
How does that work in Spot or Fido? does it end up only
within Spot or Fido and you later have to move it to root HD?

3.) Suppose you want to download an iso from DW and you browse to that
link and click on it. How do you save to a linux-iso directory on the root
HD using your Fido or your Spot user?

4.) I know nothing but I get the gut feeling that Spot or Fido makes you
safer in that as a restricted user the Virus or Malware or Trojan can only
reach the home of Spot or Fido and have to log off and log in as root
for to save itself to the HD?

But as soon as you yourself does log into Root again for to move the
downloaded files .sfs and .iso files to root HD then the Virus or Malware
or Trojan also can move itself to root HD and then there where no safe
usage of Spot or Fido? The only way to make it safe is to reboot? before
using root again??? I may be wrong explain please!

So it would only work if you shutdown completely and then reboot into root?_________________I use Google Search on Puppy Forum
not an ideal solution though

Is it not typical that this few people share their views?
I feel disappointed. Was it my post that caused others
to decide to not contribute? Should I edit my posts
and write wrong thread and have no comment at all?_________________I use Google Search on Puppy Forum
not an ideal solution though

I agree with nooby, that this is an interesting subject. I think that one of the reasons that few people take part in this discussion, is that the concept of 'security' is misused every day. We are regularly being bombarded with reports of virus attacks, made by hoardes of bandits having nothing else to do than attacking domains and causing havoc. The constantly evolving browsers and other internet based applications, with all their new smart fatures, makes it difficult to grasp the basic problems; they drown in all the other hype over this and that security hole!

I think that a listing, or an overview, of the elements having a basic need for protection when using a network, made by one of you experts on the subject, is necessary to publish here, before any useful discussion can progress. Matters regarding running as root, and possibly other puppy related issues, are of course of special interest. It would also be interesting to know if the focus of attention regarding security, has moved over the last years, as a consequence of the technological advances.

I, for my part, know far too little about network issues to make any valuable contribution in the matter.

My views in the debate on the /root vs /home/user/ issue:

Puppylinux is a small, but very powerful, single user distribution, running as root is the only way to do it.

When running from a live CD/DVD, as I always do, there is no other way to access a HD or a memory stick, than as root. An alternative would be to use the same user name as owner of the devices, but then, what is the point of a puppy if it isn't portable?

When that is said, I also have to mention the number of times I have uploaded files to my /home-directory at the university, and forgot to change the permissions, making my own files inccessible from an on-site pc, where safety issues prevent me from booting my dpup...

Puppylinux is small because it is intended for a single-user, anyone can carry it on a CD/DVD or a USB stick, it 'works right out of the box', with a minimum of setup. I see no need for puppylinux as a multi-user distribution whatsoever!

I really think that people who need a multi-user puppy, should maybe look for another distribution? Why complicate life by adding more code to a puppy?

Although I am the only one accessing my machines, my multi-GB Debian on HDs is run as multi-user. Very sensible, not only because of all the hazzle of installing such a massive distribution, but to avoid having several users spending their remaining days with configuring and setting up, potentially thousands of applications.

I feel safe! I don't have a home page in my dpup's browser, I usually turn on privacy mode when I use it, my internet provider has firewalls, they give me a new IP every time I log on, I have a firewall, I run from RAM, no savefile on HD, but I can access all devices plugged in, if needed.

I don't have the need for communicating to god knows who, through our new 'social media', all kind of private information that might be useful for some attack on my privacy.

To feel even more safe, there are always the applications that hide your IP, let you browse from an anonymous 'safe' account, through TOR if you want that, and probably lots of other safe ways to access the internet. I don't use them, and I don't know anything about them. (Yet.)

Is it not typical that this few people share their views?
I feel disappointed. Was it my post that caused others
to decide to not contribute? Should I edit my posts
and write wrong thread and have no comment at all?

I was going to reply to you regarding how a restricted user operates compared to root user.

I just didn't know quite how to explain it. Here is a starter:

Linux is modeled after an extremely expensive operating system Unix.

The "floor plans" for Unix was designed as a multiple user OS. I also mean multiple users at the same time.

Two important design considerations were protecting the computer from the users and protecting the users from each other.

Diverging a bit. It is my opinion that security should be in the foundation of an OS rather than as bolt on software such as Microsoft does.

Specifically, Microsoft marketed DOS with hardly a thought for security or even connectively. Then DOS evolved into a GUI OS, but the security holes had to be discovered and bolted on because security was not in the foundation.

Unix always had a reputation of being fairly secure while Windows earned a reputation of being a malware magnet or something of the sort.

Now, if you fairly well understand directory trees and files, the next thing to understand is file permissions. I checked the Internet before posting to you to see if there are good Linux file permission tutorials available and there are. For this reason I won't try and teach file permissions to you. But they must be understood to understand the restricted user and root user differences

Lobster, If Fatdog really is multi user that would be a sensation. Apart from the old one based on 421?
none have accomplished this.

Not really. ..., Pizzasgood made multi-user from puppu 421.

Quote:

Is Fatdog then a variation or "fatter" version of 421
or a totally new attempt based on Lupu?

That's how Fatdog started, a "fatter" version of puppy 4.1. Today, Fatdog is compiled from scratch from T2 (just like Racy/Wary) - it is not based on anything.
...

Yes My apology to Pizzasgood. I knew your handle back in 2011 and
have referred to your version as Puppy412 or Puppy421 many times.

Then my poor memory lost your username but it where you I did refer to
above but knew not how to make it a proper reference there for the cryptic
421 mentioned.

Cool that it is a true multiuser that can still use puppy pets although
some still needs to be tweaked.

What I also like is that it allow us who are multi user challenged to start
being root and add the security later when we finally learn about permissions for multiuser.

What I didn't like where that SeaMonkey did not accept html pages on my internal HD.

Haha now I know that SeaMonkey run as user Spot and that it can not
open files on the HD. So the easy way out is to move a copy of that
html file to Spot directory and open it there instead.

And SeaMonkey can save files to the internal HD so how does that make it safer? I did not have to first save it in downloads at Spot and then move it.
If I can save a file to the internal HD so can any trojan or virus through SM?

Still good that it is true multi-user though._________________I use Google Search on Puppy Forum
not an ideal solution though

In the LH64 thread, the discussion seemingly is addressing what has been offered in this thread. This is a simple insight to what is discussed.

My History
In 1985, I had an interesting report come across my desk. It was an alert to something that had NOT been present in my industry, heretofore...."Viruses" in DOS. This was simply a theoretical supposition, but, it appeared that a government/business/persons could infect a machine from afar for its own specific purpose which differs from the machine owner.

Since then, a whole industry has been created that contributes to an economy's GNP that has arisen.

Today
Some company execs do not know the difference between viruses, malware, or security, thus, the IT staff and industry experts continue to misrepresent issues in this area of discussion.

Over the past 25 years, there have been many an expert that addressed viruses, malware, real and potential. I say "potential" because this usually arises from a gathering of software engineers who were brought together to "crack" a subsystem or a system. Most often times, when that is done, over 98% if the findings are "a first" which has NEVER been seen (0R exploited) before and over 98% of those have never, ever, been attempted at exploitation in the real world.

The security industry is awash with many, many methodologies that are implemented all of which are done by some person/manager/team whose job it has been to manage-consult a security approach to be used by a company they work for.

That being said, I have worked with so many companies for which there are NO standard approaches, nor implementation, nor methods of protections that addresses all situations.

I have only my own implementation that I work with which, in and of itself, is ONLY designed to address the most likely of situations. This is based upon my experiences, the OSes I use, as well as my current usage practices.

I will say, though, there is a reason that the industry exists in the fashion that it does. The OSes, all have design points. And, every OS has an approach which makes it vulnerable to an exploit.

In a community, like this Puppy Forum, we should concentrate on any OS tools that exist, to assist us in managing important data which resides on our system(s). That management is not just protecting, but providing generational copies to assist our recovery should we have an issue where recreation and recovery is necessary.

None of us, no matter how smart we think we are, can provide a implementation that will cover EVERY POSSIBLE METHOD OF DATA LOSS that is or would be possible.

The OS designers (all of them), do provide and address OS protections in ways that make sense. Where we can help is to understand what they provide and determine it that is sufficient to meet our needs. Then we can add additional tools as we see fit to assist the system's ability to keep our data safe. As well we can contact vendors through various means to offer insights that will be useful in data/subsystem/system protections.

Remembering, that this "security/malware-protection/virus-protection" will continue (for the foreseeable future) to be an individual selection and practice. This applies in the home, the SMB, the SME, or the corporate entity.

Here to help_________________Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Enginesor use DogPile

You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forumYou cannot vote in polls in this forumYou cannot attach files in this forumYou can download files in this forum